Executive Summary

This vulnerability is an information disclosure issue in the TYPO3 CMS File Abstraction Layer. When certain low-level file-system operations fail, error messages reveal the full file paths of files on the server. This exposure happens only to backend users with valid accounts. The problem affects TYPO3 versions 9.0.0 through 13.4.17 and is classified as CWE-209, meaning sensitive information is leaked through error messages. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow an attacker with backend user access to see full file paths on the server, which could aid in further attacks by revealing the server's directory structure. Although the impact on confidentiality is considered low, this information disclosure can help attackers understand the environment better and potentially exploit other vulnerabilities. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by verifying if your TYPO3 CMS installation is running any of the affected versions (9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, or 13.0.0-13.4.17). Since exploitation requires a valid backend user account and involves error messages disclosing full file paths during failed low-level file operations, you can monitor backend logs for error messages revealing file paths. There are no specific commands provided in the resources to detect the vulnerability directly on the network or system. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating your TYPO3 CMS installation to the fixed versions: 9.5.55 ELTS, 10.4.54 ELTS, 11.5.48 ELTS, 12.4.37 LTS, or 13.4.18 LTS. Additionally, follow the TYPO3 Security Guide recommendations to reduce risk. Restrict backend user access to trusted personnel only, as exploitation requires a valid backend user account. [1]

Useful 0 Not Useful 0